A certificate cannot be removed if Smart Center server infers from other settings that the certificate is in use, for example, that the module belongs to one or more VPN communities and this is the module’s only certificate.
Cisco ASA Site-to-Site IPsec VPN Digital Certificates Apr 08, 2016 Set up and Add a VPN Connection in Windows 10 | Tutorials Nov 21, 2019
Always On VPN Device Tunnel and Certificate Revocation
Certificate mode: A certificate can be fetched automatically, manually, or disabled. Identity certificates: The identity certificate that is used to identify a configured VPN as a legitimate VPN connection. Note: This setting requires that the Passcode policy is also configured on the device. This setting is supported for Android MDM App 3.55 Authentication - AWS Client VPN
A VPN gateway should use long Pre-shared keys to eliminate chances of being hacked, 10 plus characters is recommended. For large networks though, digital certificates should be implemented over pre-shared keys as digital certificates are scalable.
execute vpn certificate local import tftp server_certificate.p12